private Credentials creds;

    /**
     * Constructs a CIFS context wrapper with custom credentials.
     *
     * @param delegate the context to wrap
     * @param creds
     *            Credentials to use
     */
    public CIFSContextCredentialWrapper(final AbstractCIFSContext delegate, final Credentials creds) {
        super(delegate);
        this.creds = creds;
    }

    private static class TestAbstractCIFSContext extends AbstractCIFSContext {
        private final Credentials defaultCreds;
        private boolean closeCalled = false;

        public TestAbstractCIFSContext(Credentials defaultCreds) {
            this.defaultCreds = defaultCreds;
        }

        @Override
        protected Credentials getDefaultCredentials() {
            return defaultCreds;
        }

        @Override

from fastapi.testclient import TestClient

app = FastAPI()

security = HTTPDigest()


@app.get("/users/me")
def read_current_user(credentials: HTTPAuthorizationCredentials = Security(security)):
    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_digest():
    response = client.get("/users/me", headers={"Authorization": "Digest foobar"})

     */
    public AbstractCIFSContext() {
        Runtime.getRuntime().addShutdownHook(this);
    }

    /**
     * @param creds the credentials to use
     * @return a wrapped context with the given credentials
     */
    @Override
    public CIFSContext withCredentials(final Credentials creds) {
        return new CIFSContextCredentialWrapper(this, creds);
    }

    /**
     *
     * {@inheritDoc}
     *

		return nil, errors.New("AWS Role cannot be activated with static credentials or the web identity token file")
	case conf.Bucket == "":
		return nil, errors.New("no bucket name was provided")
	}

	// Credentials initialization
	var creds *credentials.Credentials
	switch {
	case conf.AWSRole:
		creds = credentials.New(&credentials.IAM{
			Client: &http.Client{
				Transport: NewHTTPTransport(),
			},

			objectName:         objectName,
			accessKey:          credentials.AccessKey,
			secretKey:          credentials.SecretKey,
			expectedRespStatus: http.StatusOK,
		},
		// Test case - 2.
		// Case with non-existent object name.
		{
			bucketName:         bucketName,
			objectName:         "abcd",
			accessKey:          credentials.AccessKey,
			secretKey:          credentials.SecretKey,
			expectedRespStatus: http.StatusNotFound,

			if !ok {
				// Credentials will be invalid but for disabled
				// return a different error in such a scenario.
				if u.Credentials.Status == auth.AccountOff {
					return nil, errAccessKeyDisabled
				}
				return nil, errInvalidAccessKeyID
			}
			cred := u.Credentials
			// Expired credentials return error.
			if cred.IsTemp() && cred.IsExpired() {

        verify(mockContext).getSIDResolver();
    }

    @Test
    @DisplayName("Should get Credentials")
    void testGetCredentials() {
        // Given
        Credentials mockCreds = mock(Credentials.class);
        when(mockContext.getCredentials()).thenReturn(mockCreds);

        // When
        Credentials creds = mockContext.getCredentials();

        // Then
        assertEquals(mockCreds, creds);

provider environments. This allows the generation of temporary credentials with pre-defined access policies for applications/users to interact with MinIO object storage.

Calling AssumeRoleWithWebIdentity does not require the use of MinIO root or IAM credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including MinIO long lasting credentials in the application. Instead, the identity of the caller is validated...

| RoleArn         | String  | Yes      | Must match the Role ARN generated for the identity plugin            |
| DurationSeconds | Integer | No       | Duration of validity of generated credentials. Must be at least 900. |

The validity duration of the generated STS credentials is the minimum of the `DurationSeconds` parameter (if passed) and the validity duration returned by the Identity Management Plugin.

## API Response